<?php
/**
 * Add a back-office admin user (the same form also updates an existing one).
 *
 */
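// Handles the add/update form for admin_users and leaves a status text in $resultMsg.
//
// NOTE(review): no authorization or CSRF check is visible in this file; confirm the
// including controller enforces both before this code runs, since it creates admin accounts.
$resultMsg = '';

// Read each submitted field once. A missing or non-string value (e.g. "username[]=x")
// becomes '' so it neither raises an undefined-index notice nor is concatenated as "Array".
$postUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$postPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$postEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$postId = isset($_POST['id']) ? $_POST['id'] : '';
$targetId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// The statements below are built by string concatenation inside double-quoted SQL
// literals, so a value containing a double quote, a backslash or a control byte could
// change the statement. Such values are refused outright rather than escaped.
// NOTE(review): this is a stopgap. The durable fix is bound parameters through the $db
// wrapper, whose API is not visible from this file.
$sqlBreakout = '/["\\\\\x00-\x1f\x7f]/';

if ($postUsername && $postPassword) {
	if (preg_match($sqlBreakout, $postUsername . $postEmail)) {
		$resultMsg .= 'Invalid input!';
	} else {
		$count = $db->rows('SELECT count(*) as count FROM admin_users WHERE username="' . $postUsername . '"');
		if (isset($count['count']) && ($count['count'] == 0)) {
			// Username is free: create the account.
			// NOTE(review): unsalted md5 is not a password hash. Moving to
			// password_hash()/password_verify() has to be done together with the login
			// check (not visible here), otherwise newly stored hashes will not verify.
			$password = md5($postPassword);
			$sql = 'INSERT INTO admin_users (username, password, email) VALUES(' .
			'"' . $postUsername . '",' .
			'"' . $password . '",' .
			'"' . $postEmail . '")';

			if ($db->query($sql)) {
				$resultMsg .= 'Add Successful!';
				// Stop after the redirect so the rest of the page is not executed and sent.
				// If output has already started, fall through and show the message instead.
				if (!headers_sent()) {
					header('location: ?model=admin&action=users');
					exit;
				}
			} else {
				$resultMsg .= 'Add Failed!';
			}
		} elseif ($postId) {
			/* update user */
			// NOTE(review): the branch is selected by the posted id, but the row is chosen
			// by the id in the query string; confirm the two are meant to be the same value.
			// NOTE(review): this branch is only reached when the username already exists, so
			// renaming a user to an unused name takes the INSERT path above instead.
			$updteSql = 'UPDATE admin_users SET username="%s", email="%s"  WHERE id="%s"';
			$updtePaswdSql = 'UPDATE admin_users SET username="%s", email="%s", password="%s"  WHERE id="%s"';
			if ($targetId === '' || preg_match($sqlBreakout, $targetId)) {
				// No usable row id: refuse instead of sending a malformed statement.
				$res = false;
			} elseif ($postPassword) {
				$password = md5($postPassword);
				$res = $db->query(sprintf($updtePaswdSql, $postUsername, $postEmail, $password, $targetId));
			} else {
				// NOTE(review): unreachable today, because the outer guard already requires a
				// non-empty password.
				$res = $db->query(sprintf($updteSql, $postUsername, $postEmail, $targetId));
			}
			if ($res) {
				$resultMsg .= 'Update Successful!';
				if (!headers_sent()) {
					header('location: ?model=admin&action=users');
					exit;
				}
			} else {
				$resultMsg .= 'Update Failed!';
			}
		}
	}
}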
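// Defaults for the form fields; overwritten below when an existing user is being edited.
$editUser = array(
	'username' => '',
	'password' => '',
	'email' => '',
);

// Read the id once; a missing or non-string value becomes '' and skips the lookup.
$requestedId = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// The id is concatenated into a double-quoted SQL literal, so a value containing a double
// quote, a backslash or a control byte is refused rather than sent to the database.
// NOTE(review): stopgap only; prefer a bound parameter once the $db wrapper's API is
// confirmed. If ids are always integers, an integer check would be tighter still.
if ($requestedId && !preg_match('/["\\\\\x00-\x1f\x7f]/', $requestedId)) {
	$getUser = $db->rows('SELECT *  FROM admin_users WHERE id="' . $requestedId . '"');
	// NOTE(review): SELECT * also loads the stored password hash into $editUser; confirm
	// the template (not visible here) never writes it back into the page.
	if (is_array($getUser) && $getUser) {
		$editUser = array_merge($editUser, $getUser);
	}
}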


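// Render the page: header, the view named by the "action" request parameter, footer.
// The key is quoted here; the bare word `action` was read as an undefined constant, which
// is a notice or warning on older PHP and a fatal Error on PHP 8.
$action = isset($_GET['action']) ? $_GET['action'] : null;

// NOTE(review): Basic::setModelFile() and $tpl->p() are not visible from this file. If they
// map the name to a file path, a request-supplied name must not be able to leave the view
// directory, so names carrying path separators, "..", or a NUL byte are refused up front.
// Confirm whether those helpers already restrict names to a fixed set.
if (!is_null($action) && (!is_string($action) || preg_match('#[/\\\\\x00]|\.\.#', $action))) {
	header('HTTP/1.1 400 Bad Request');
	exit;
}

Basic::setModelFile('head');
Basic::setModelFile($action);
Basic::setModelFile('bottom');
$tpl->p($action);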
?>